



Vulnerability in Cinepak Codec

Report ID: SA201006495
Source: F-Secure
Date of Discovery: 10.08.2010
Criticality: Critical
Affects:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems

Compromise From: From remote
Compromise Type: System access
Remote code execution

Summary

A vulnerability in Cinepak Codec could allow remote code execution if the user runs a specially crafted media file or views specially crafted streaming content.

Detailed Description

Cinepak Codec is a media encoder/decoder used to compress or decompress digital media files. It is supported by Windows Media Player.

To exploit this vulnerability, a specially crafted media file must be opened. The media content may be delivered as an e-mail attachment; it may also be delivered via streaming from a website. In the former case, the attachment must be manually opened by the user to trigger the vulnerability; in the latter case, the user must be induced to visit the site and view the content.

If successfully exploited, the vulnerability allows an attacker to gain the same user rights as the logged-in user. This may allow the attacker to take complete control of the system. Users whose accounts have fewer rights on the system may be less impacted than those with full administrative rights.

Solution

Apply security updates:

Windows XP Service Pack 3
Security Update for Windows XP

Windows XP Professional x64 Edition Service Pack 2
Security Update for Windows XP x64 Edition

Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Security Update for Windows Vista

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Security Update for Windows Vista for x64-based Systems

Windows 7 for 32-bit Systems
Security Update for Windows 7

Windows 7 for x64-based Systems
Security Update for Windows 7 for x64-based Systems

Original Reference

http://www.microsoft.com/technet/security/Bulletin/MS10-055.mspx

CVE Reference

CVE-2010-2553